Plan, implement, document and maintain cryptographic security assets and key management processes used to secure the Internet Domain Name System (DNS) and protect information.
• Create, implement and manage cryptographic keys (codes).
• Plan, implement and upgrade physical and administrative safeguards.
• Maintain security certificate authority hierarchy and certificate profiles.
• Write, review, edit, approve and maintain cryptographic key management security documentation and policies.
• Manage the lifecycle of security certificates, cryptographic keys, and cryptographic devices including Hardware Security Modules (HSMs).
• Plan and execute DNS security (DNSSEC) Root Key Signing Key (KSK) management ceremonies.
• Identify and propose process improvements to maintain maximum security and continuous operations.
• Minimize risks associated with managing cryptographic keys through effective planning and coordination of physical and logical security.
• Maintain and test disaster recovery plans for key management operations.
• Prepare responses to third-party security audits.
• Prepare briefings and attend meetings to discuss ICANN’s execution of its key management responsibilities.
• Up to 10% domestic and international travel is required.
• Bachelor’s or equivalent degree in Computer Science, Computer Engineering, Information Technology or related field
• 5 years of progressive, post-baccalaureate experience as a cryptographic key manager or as an IT/IS security analyst, engineer, consultant, or manager
• Experience must include 3 years in information technology security including Public Key Infrastructure (PKI), logical and physical security, hardware security modules (HSMs), IT security audits, risk management, and development of security policies.
• Certification required: Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA)
• Other: Requires up to 10% domestic and international travel. Must be authorized to work full-time in the U.S. without an employer sponsor.